
AS-2024-004: OpenSSH

2024-07-17

Severity

Important

Status

Resolved


Statement

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). OpenSSH versions prior to 9.7p1 are susceptible to a vulnerability that can lead sshd to handle some signals in an unsafe manner.

CVE-2024-6387 affected ASUSTOR products with ADM 4.3 and ADM 4.0. Updates with OpenSSH 9.8p1 will be released as soon as possible.

  • OpenSSH 9.8p1 has been updated on ADM 4.3.1.R752 and ADM 4.0.7.RVG1 to resolve the issues.

Affected Products

Product | Severity | Fixed Release Availability
ADM 4.3, 4.2 and 4.1 | Important | Upgrade to ADM 4.3.1.R752 or above.
ADM 4.0 | Important | Upgrade to ADM 4.0.7.RVG1 or above.

Detail

  • CVE-2024-6387
    • Severity: High
    • A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition that can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
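
The bug class described above, unsafe work inside a timeout signal handler, shown beside the safe pattern. This is an added illustration, not sshd's code and not part of the advisory; the function names, the use of syslog() as the unsafe call and the 50 ms grace period are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <sys/time.h>
#include <syslog.h>
#include <unistd.h>

static volatile sig_atomic_t grace_expired = 0;

/* UNSAFE pattern, for contrast: syslog() is not async-signal-safe. If the
 * signal lands while the main flow is inside malloc()/free() or another
 * syslog(), the handler re-enters code whose state is half-updated. */
static void on_alarm_unsafe(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "timeout before authentication");
    _exit(1);
}

/* SAFE pattern: only record the event; do the real work outside the handler. */
static void on_alarm_safe(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Hypothetical helper: wait grace_ms (> 0) for a login that never completes.
 * Returns 1 once the timeout was handled in normal context, -1 on error. */
int wait_login_grace(long grace_ms, int use_unsafe)
{
    struct itimerval tv = { {0, 0}, {grace_ms / 1000, (grace_ms % 1000) * 1000} };
    struct sigaction sa;
    sigset_t block, old;
    sa.sa_handler = use_unsafe ? on_alarm_unsafe : on_alarm_safe;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    if (sigaction(SIGALRM, &sa, NULL) != 0) return -1;
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old);  /* no gap between check and sleep */
    grace_expired = 0;
    if (setitimer(ITIMER_REAL, &tv, NULL) != 0) return -1;
    while (!grace_expired)
        sigsuspend(&old);                  /* atomically unblock and wait */
    sigprocmask(SIG_SETMASK, &old, NULL);
    syslog(LOG_INFO, "timeout before authentication"); /* safe here */
    return 1;
}

int main(void) { return wait_login_grace(50, 0) == 1 ? 0 : 1; }
```

With the safe handler the log call runs only after sigsuspend() returns, so it can never interrupt the program's own allocator or logging code.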

Reference


Revision

Revision | Date | Description
1 | 2024-07-03 | Initial public release.
2 | 2024-07-08 | Release ADM 4.3.1.R752 to update OpenSSH version for fixing the issues.
3 | 2024-07-17 | Release ADM 4.0.7.RVG1 to update OpenSSH version for fixing the issues.